The recently released Java 7 Update 11 has been blocked by Apple through its XProtect anti-malware feature in OS X.
Oracle issued the latest update to Java earlier this month to fix a serious zero-day security flaw. The threat was so serious that the U.S. Department of Homeland Security had recommended that all Java 7 users disable or uninstall the software until a patch was issued.
Apple took action on its own and quietly disabled the plugin through its OS X anti-malware system. And as noted by MacGeneration on Thursday, Apple has again updated its OS X XProtect list, this time to block Java 7 Update 11.
Because Oracle has yet to issue a newer version of Java that addresses any outstanding issues, Mac users are prevented from running Java on their system.
Over the last few years, Apple has moved to gradually remove Java from OS X. The Mac maker dropped the Java runtime from the default installation for OS X 10.7 Lion when the operating system update launched in 2010. Java vulnerabilities have been a common exploit used by malicious hackers looking to exploit the OS X platform.
Most notably, the "Flashback" trojan that spread last year was said to have infected as many as 600,000 Macs worldwide at its peak. Apple addressed the issue by releasing a removal tool specifically tailored for the malware, and also disabled the Java runtime in its Safari web browser starting with version 5.1.7.
49 Comments
I completely understand that Apple is acting to protect the vast majority of its users, users who have no idea what Java is or even if they have it installed. But shouldn't they also have an option for users who know the risks but want Java anyway, an option to allow the installation of the plugin?
Good for you Apple. May it go the ways Flash is going. Or has, I actually don't know.
Not Apple's style (to allow workarounds). Not judging whether that's good or bad. As an individual user I'd like the option but as an IT administrator responsible for Windows computers I see the challenges everyday of trying to walk people through workarounds and then fixes for their workarounds.
Not Apple's style (to allow workarounds). Not judging whether that's good or bad. As an individual user I'd like the option but as an IT administrator responsible for Windows computers I see the challenges everyday of trying to walk people through workarounds and then fixes for their workarounds.
Can't you install the needed plug-ins yourself? Or has Apple now completely disallowed it on OS altogether?
I think the disallow list only works for certain browsers, the workaround is to use a third party browser.